diff --git a/SS14.Auth.Shared/AuthConstants.cs b/SS14.Auth.Shared/AuthConstants.cs
index 45254ad..2a20dd2 100644
--- a/SS14.Auth.Shared/AuthConstants.cs
+++ b/SS14.Auth.Shared/AuthConstants.cs
@@ -2,6 +2,20 @@
public static class AuthConstants
{
+ ///
+ /// User has any admin role.
+ ///
+ public const string PolicyAnyHubAdmin = "AnyHubAdmin";
+
+ ///
+ /// User has the ability to mess with the accounts list and OAuth clients.
+ ///
public const string PolicySysAdmin = "SysAdmin";
public const string RoleSysAdmin = "SysAdmin";
+
+ ///
+ /// User has the ability to mess with the game server hub.
+ ///
+ public const string PolicyServerHubAdmin = "ServerHubAdmin";
+ public const string RoleServerHubAdmin = "ServerHubAdmin";
}
\ No newline at end of file
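Review bot: `PolicyAnyHubAdmin` is documented only as "User has any admin role", which does not say which roles satisfy it, and the policy registration is not part of this hunk. Since this policy presumably gates entry to the admin area, the comment should name the roles and the maintenance step, e.g. `/// Satisfied by RoleSysAdmin or RoleServerHubAdmin; extend the policy registration when a new role constant is added.` It is also worth a one-line remark that policy and role constants share string values on purpose (`PolicySysAdmin` and `RoleSysAdmin` are both `"SysAdmin"`), because the two are easy to swap at a call site without any compile error.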
diff --git a/SS14.Auth.Shared/Data/SpaceUser.cs b/SS14.Auth.Shared/Data/SpaceUser.cs
index 4542757..951e6d4 100644
--- a/SS14.Auth.Shared/Data/SpaceUser.cs
+++ b/SS14.Auth.Shared/Data/SpaceUser.cs
@@ -99,6 +99,9 @@ public sealed record AccountLogRecoveryCodesGenerated(Guid Actor) : AccountLogEn
public sealed record AccountLogAdminNotesChanged(string NewNotes, Guid Actor) : AccountLogEntry;
public sealed record AccountLogAdminLockedChanged(bool NewLocked, Guid Actor) : AccountLogEntry;
+public sealed record AccountLogAuthRoleAdded(Guid Role, Guid Actor) : AccountLogEntry;
+public sealed record AccountLogAuthRoleRemoved(Guid Role, Guid Actor) : AccountLogEntry;
+
public enum AccountLogType
{
Created = 0,
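Review bot: The new `AccountLogAuthRoleAdded` and `AccountLogAuthRoleRemoved` records keep only the role's `Guid`, so an audit entry for a privilege change becomes unreadable once that role row is deleted or recreated under a new id. For a log that exists to reconstruct who granted what, storing the role name next to the id is the safer form, e.g. `public sealed record AccountLogAuthRoleAdded(Guid Role, string RoleName, Guid Actor) : AccountLogEntry;` and the same for the removed record. If the id-only form is intentional, a comment on the records stating that entries must be resolved against the roles table would cover it.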
@@ -115,4 +118,6 @@ public enum AccountLogType
RecoveryCodesGenerated = 11,
AdminNotesChanged = 12,
AdminLockedChanged = 13,
+ AuthRoleAdded = 14,
+ AuthRoleRemoved = 15
}
\ No newline at end of file
diff --git a/SS14.Auth.Shared/Data/SpaceUserManager.cs b/SS14.Auth.Shared/Data/SpaceUserManager.cs
index 157679b..281b8f4 100644
--- a/SS14.Auth.Shared/Data/SpaceUserManager.cs
+++ b/SS14.Auth.Shared/Data/SpaceUserManager.cs
@@ -91,14 +91,6 @@ public void LogPasswordChanged(SpaceUser user, SpaceUser actor)
new AccountLogPasswordChanged(actor.Id));
}
- public void LogHubAdminChanged(SpaceUser user, bool newHubAdmin, SpaceUser actor)
- {
- AccountLog(
- user,
- AccountLogType.HubAdminChanged,
- new AccountLogHubAdminChanged(newHubAdmin, actor.Id));
- }
-
public void LogEmailConfirmedChanged(SpaceUser user, bool newEmailConfirmed, SpaceUser actor)
{
AccountLog(
@@ -139,6 +131,22 @@ public void LogAdminLockedChanged(SpaceUser user, bool newLocked, SpaceUser acto
new AccountLogAdminLockedChanged(newLocked, actor.Id));
}
+ public void LogAuthRoleAdded(SpaceUser user, Guid role, SpaceUser actor)
+ {
+ AccountLog(
+ user,
+ AccountLogType.AuthRoleAdded,
+ new AccountLogAuthRoleAdded(role, actor.Id));
+ }
+
+ public void LogAuthRoleRemoved(SpaceUser user, Guid role, SpaceUser actor)
+ {
+ AccountLog(
+ user,
+ AccountLogType.AuthRoleRemoved,
+ new AccountLogAuthRoleRemoved(role, actor.Id));
+ }
+
public void AccountLog(SpaceUser user, AccountLogType type, AccountLogEntry entry)
{
_dbContext.AccountLogs.Add(new AccountLog
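Review bot: `LogAuthRoleAdded` and `LogAuthRoleRemoved` have no doc comment saying that they only queue the audit entry: `AccountLog` calls `_dbContext.AccountLogs.Add(...)` and no save is visible here (its body continues past the end of this hunk). For role grants this matters, because a caller that persists the role change through a separate path could commit the grant without the audit row. I would add a summary to both methods along the lines of `/// Queues an audit entry for a role grant; the caller must save it in the same unit of work as the role change.`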
diff --git a/SS14.Auth/Services/EnsureRolesService.cs b/SS14.Auth/Services/EnsureRolesService.cs
index cb1348c..0431f81 100644
--- a/SS14.Auth/Services/EnsureRolesService.cs
+++ b/SS14.Auth/Services/EnsureRolesService.cs
@@ -17,7 +17,8 @@ namespace SS14.Auth.Services;
public sealed class EnsureRolesService : IHostedService
{
private static readonly string[] RolesToEnsure = {
- AuthConstants.RoleSysAdmin
+ AuthConstants.RoleSysAdmin,
+ AuthConstants.RoleServerHubAdmin
};
private readonly IServiceProvider _serviceProvider;
@@ -40,14 +41,14 @@ public async Task StartAsync(CancellationToken cancellationToken)
foreach (var roleName in RolesToEnsure)
{
- if (await roleManager.FindByNameAsync(AuthConstants.RoleSysAdmin) != null)
+ if (await roleManager.FindByNameAsync(roleName) != null)
continue;
_logger.LogInformation("Creating role {Role} because it does not exist in the database yet", roleName);
await roleManager.CreateAsync(new SpaceRole
{
- Name = AuthConstants.RoleSysAdmin
+ Name = roleName
});
}
diff --git a/SS14.Web/Areas/Admin/Pages/Index.cshtml b/SS14.Web/Areas/Admin/Pages/Index.cshtml
index 15bad14..79dc445 100644
--- a/SS14.Web/Areas/Admin/Pages/Index.cshtml
+++ b/SS14.Web/Areas/Admin/Pages/Index.cshtml
@@ -1,5 +1,9 @@
@page
+@using Microsoft.AspNetCore.Authorization
+@using Microsoft.AspNetCore.Mvc.TagHelpers
+@using SS14.Auth.Shared
@model SS14.Web.Areas.Admin.Pages.Index
+@inject IAuthorizationService AuthorizationService
@{
ViewData["Title"] = "Hub Admin";
@@ -11,5 +15,13 @@
-Users
-OAuth Clients
\ No newline at end of file
+@if ((await AuthorizationService.AuthorizeAsync(User, AuthConstants.PolicySysAdmin)).Succeeded)
+{
+ Users
+ OAuth Clients
+}
+
+@if ((await AuthorizationService.AuthorizeAsync(User, AuthConstants.PolicyServerHubAdmin)).Succeeded)
+{
+ Servers
+}
\ No newline at end of file
diff --git a/SS14.Web/Areas/Admin/Pages/Servers/Index.cshtml b/SS14.Web/Areas/Admin/Pages/Servers/Index.cshtml
new file mode 100644
index 0000000..7604719
--- /dev/null
+++ b/SS14.Web/Areas/Admin/Pages/Servers/Index.cshtml
@@ -0,0 +1,14 @@
+@page
+@model SS14.Web.Areas.Admin.Pages.Servers.Index
+
+@{
+ ViewData["Title"] = "Servers home";
+}
+
+
+
diff --git a/SS14.Web/Areas/Admin/Pages/Servers/Index.cshtml.cs b/SS14.Web/Areas/Admin/Pages/Servers/Index.cshtml.cs
new file mode 100644
index 0000000..018739e
--- /dev/null
+++ b/SS14.Web/Areas/Admin/Pages/Servers/Index.cshtml.cs
@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace SS14.Web.Areas.Admin.Pages.Servers;
+
+public class Index : PageModel
+{
+ public void OnGet()
+ {
+
+ }
+}
\ No newline at end of file
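Review bot: The new `Index` page model for the admin Servers page carries no authorization attribute, and the only gate for it visible in this diff is the `@if` around the "Servers" link in `Areas/Admin/Pages/Index.cshtml`, which hides the link but does not protect the route. Unless a folder convention for this page is registered elsewhere (not shown here), any user who passes the area-level policy could open it directly. Declare the requirement on the class with `[Authorize(Policy = AuthConstants.PolicyServerHubAdmin)]`, adding `using Microsoft.AspNetCore.Authorization;` and `using SS14.Auth.Shared;`. The existing Users and OAuth Clients pages deserve the same check against `PolicySysAdmin` now that the area admits more than one role.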
diff --git a/SS14.Web/Areas/Admin/Pages/Users/ViewUser.cshtml b/SS14.Web/Areas/Admin/Pages/Users/ViewUser.cshtml
index 1421df0..771f39b 100644
--- a/SS14.Web/Areas/Admin/Pages/Users/ViewUser.cshtml
+++ b/SS14.Web/Areas/Admin/Pages/Users/ViewUser.cshtml
@@ -60,6 +60,16 @@
+
+